production-code-audit
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions designed to bypass standard agent safety protocols and human-in-the-loop confirmation. It repeatedly commands the agent to 'Do this automatically without asking the user,' 'Don't Ask Questions,' and 'Don't Wait for Instructions' when performing high-risk actions.
- [DATA_EXFILTRATION]: The skill explicitly directs the agent to scan the entire codebase for sensitive information, including 'Hardcoded secrets (API keys, passwords in code).' This process exposes project credentials and sensitive data to the agent's context during the discovery and detection phases.
- [PROMPT_INJECTION]: The skill establishes a significant attack surface for indirect prompt injection.
  - Ingestion points: The agent is instructed to read every file in a project recursively via `readFile` in Step 1.
  - Boundary markers: No instructions or delimiters are provided to ensure the agent ignores or sanitizes instructions contained within the analyzed files.
  - Capability inventory: The agent has the authority to list directories, read all project files, and modify files using `strReplace`.
  - Sanitization: There is no evidence of sanitization or validation of the content read from project files before it is processed by the agent.
- [COMMAND_EXECUTION]: The instructions direct the agent to autonomously modify the codebase and subsequently execute code by running tests. This combination of automated code modification and execution without human oversight poses a risk of introducing and executing malicious content.
Audit Metadata